Feature request: CrowdStrike deploy via tags

  • 19 April 2024

We’ve been making good use of the Automox Agent Deployer and it really has helped us get started quickly. As we enter the next phase of our rollout, we want to target deployments with a given Automox Key to a subset of machines that share a CrowdStrike Host Group with machines we don’t want to target, so we’d really like to be able to deploy using FalconGroupingTag and SensorGroupingTag.

I think our workarounds would be to move machines into different CrowdStrike Host Groups, which would be challenging due to our other integrations, or to manually run the script against each host via CrowdStrike RTR, which would require other development work and doesn’t make use of the excellent Automox Agent Deployer that is already built.


1 reply


@danrubins Why not modify the script generated by RTR within the CrowdStrike console with an approved list for the rollout?

Disclaimer: it’s been a while since I’ve used CrowdStrike, but I do recall making my own changes to the RTR-generated script to manage regular health checks, like “is the amagent service running,” beyond “is Automox installed.” Was a pretty slick setup.

For example:

# Hosts approved for this rollout
$allowed = 'pc01','pc02','pc03'

if ($env:COMPUTERNAME -in $allowed) {

    ### script data already generated by RTR found in CrowdStrike Console

}

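An added example, not part of the original reply and not Automox or CrowdStrike code: the allowlist gate from the reply combined with the amagent service check it mentions, so the RTR output records why each host was skipped, installed, or left alone. The hostnames are constructed placeholders and the function name Get-RolloutDecision is hypothetical.

```powershell
# Constructed placeholder hostnames; replace with the machines approved for this phase.
$AllowedHosts = @('pc01', 'pc02', 'pc03')

function Get-RolloutDecision {
    param(
        [string]   $ComputerName,
        [string[]] $Allowed,
        [string]   $ServiceName = 'amagent'   # service name as given in the reply above
    )

    # String comparison with -notin is case-insensitive; trim stray whitespace in the list.
    $normalized = $Allowed | ForEach-Object { $_.Trim() }
    if ($ComputerName -notin $normalized) {
        return [pscustomobject]@{ ComputerName = $ComputerName; Action = 'Skip'
                                  Reason = 'Host is not in the rollout allowlist' }
    }

    # Health check: is the agent service present, and is it running?
    $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
    if ($null -eq $svc) {
        return [pscustomobject]@{ ComputerName = $ComputerName; Action = 'Install'
                                  Reason = "Service '$ServiceName' not found" }
    }
    if ($svc.Status -ne 'Running') {
        return [pscustomobject]@{ ComputerName = $ComputerName; Action = 'StartService'
                                  Reason = "Service '$ServiceName' is $($svc.Status)" }
    }
    return [pscustomobject]@{ ComputerName = $ComputerName; Action = 'None'
                              Reason = "Service '$ServiceName' is running" }
}

$decision = Get-RolloutDecision -ComputerName $env:COMPUTERNAME -Allowed $AllowedHosts
Write-Output $decision   # shows up in the RTR session output for auditing

switch ($decision.Action) {
    'Install' {
        ### script data already generated by RTR found in CrowdStrike Console
    }
    'StartService' {
        Start-Service -Name 'amagent'
    }
}
```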